IoT Inspector – Simply spy on your smart health home

Princeton University researchers have created IoT Inspector, a web application that lets you spy on your smart devices to see what they're doing. The open source tool, called IoT Inspector, is available for download as a download. Currently, this is only the Mac OS version; the Windows or Linux version should arrive soon.

IoT Inspector: a simple tool to analyze gadgets

On their blog, the developers explain that their objective is to offer consumers a simple tool to analyze the network traffic of their objects smart health connected to the Internet. The basic idea is to help people see if devices like smart speakers or Wi-Fi enabled robotic vacuums are sharing their data with third parties.

By testing the IoT Inspector tool in their laboratory, the researchers discovered that a Chromecast device was constantly contacting Google’s servers; even when it was not actively used. It was also found that a Geeni smart bulb was constantly communicating with the cloud; by sending / receiving traffic via a URL (tuyaus.com) managed by a company based in China with a platform controlling IoT devices.

Other analysis tools exist

There are other ways to track such devices. For example, there is the configuration of a wireless access point to detect IoT traffic using a packet analyzer such as WireShark. But the level of technical expertise required makes them difficult for many consumers.

While the researchers claim that their web application requires no special hardware or complex configuration, it seems easier than trying to detect the packages yourself. Gizmodo, who quickly reviewed the tool, described it as "incredibly easy to install and use."

Little info: the web application does not work with Safari. You will need either Firefox or Google Chrome (or a chrome-based browser) to make it work.

IoT Inspector will use your data

The main warning is that the Princeton team wants to use the data collected to fuel research on the Internet of Things. Thus the users of this tool will contribute to the efforts made to study smart health home devices.

The title of their research project is "Identifying the risks linked to the confidentiality, security and performance of consumer IoT devices". The principal investigators named are Professor Nick Feamster and postdoctoral researcher Danny Yuxing Huang from the university's Department of Computer Science.

The Princeton team intends to investigate privacy and security risks; as well as the network performance risks of IoT devices. But they also say they can share the entire dataset with other researchers after a standard research ethics approval process. IoT Inspector users will therefore participate in at least one research project.

"With IoT Inspector, we are the first in the research community to produce an anonymous, open source dataset on actual traffic on the IoT network, on which the identity of each device is labeled," write the researchers. “We hope to invite all university researchers to collaborate with us; for example, to analyze data or to improve data collection and advance our knowledge of security, privacy and other related areas.

In conclusion :

They produced a complete FAQ that anyone who wants to use the tool should read. They use ARP spoofing to intercept traffic data. This is a technique that can slow down your network.

The data collected by the traffic analysis tool is anonymized and the researchers state that they do not collect IP addresses. However, some privacy risks persist, for example if you have smart devices that you named under your real name. So, again, read the FAQ carefully if you want to participate.

For each IoT device on a network, the tool collects several data points and sends them back to servers at Princeton University; including DNS requests and responses, IP addresses and destination ports, hashed MAC addresses, aggregated traffic statistics, etc.

The tool was designed not to track computers, tablets and smartphones by default, as the study focused on smart health home smart health connected objects. Users can also manually exclude tracking of individual smart devices if they are able to turn them off during configuration or by specifying their MAC address.

Up to 50 smart devices can be tracked on the network where IoT Inspector is running. Anyone with more than 50 devices is invited to contact the researchers to request an increase in this limit.

The project team produced a ehealth showing how to install the application on Mac:

(Embed) https://www.youtube.com/watch?v=KaU80DpsaBw (/ embed)

AB SMART HEALTH REVIEW